General

  • Target

    3fc6b918e1ced60a2c63b5a1a05f7c0779c397d7a7f66f023133f88642bd6911.exe

  • Size

    2.2MB

  • Sample

    241112-2cwd3ssfmb

  • MD5

    5022a2ba409afa3b00df1938c70c234e

  • SHA1

    fa42bf89d6e95a15617a17f6fc609ce485aea5e9

  • SHA256

    3fc6b918e1ced60a2c63b5a1a05f7c0779c397d7a7f66f023133f88642bd6911

  • SHA512

    947d466d006c87f3bd1a3f74a2b0ac9c4a713d120a76cc9a3b7677cd26528209222d503ba66a47e3e21994bbbdb0537adfa0f2a64ff8655338db906c49ec892c

  • SSDEEP

    12288:zHI5E/L+6PJKoXOvWeodiFssJ894HhtRS5kf3DV3rgBp0hJ4T:zHOE/LrJJXOOe2/YE4BaCzZrbhiT

Malware Config

Targets

    • Target

      3fc6b918e1ced60a2c63b5a1a05f7c0779c397d7a7f66f023133f88642bd6911.exe

    • Size

      2.2MB

    • MD5

      5022a2ba409afa3b00df1938c70c234e

    • SHA1

      fa42bf89d6e95a15617a17f6fc609ce485aea5e9

    • SHA256

      3fc6b918e1ced60a2c63b5a1a05f7c0779c397d7a7f66f023133f88642bd6911

    • SHA512

      947d466d006c87f3bd1a3f74a2b0ac9c4a713d120a76cc9a3b7677cd26528209222d503ba66a47e3e21994bbbdb0537adfa0f2a64ff8655338db906c49ec892c

    • SSDEEP

      12288:zHI5E/L+6PJKoXOvWeodiFssJ894HhtRS5kf3DV3rgBp0hJ4T:zHOE/LrJJXOOe2/YE4BaCzZrbhiT

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: Clear Persistence

      Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.
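As an added example (not part of this report, and not the sandbox's own signature logic), the script below does two things a practitioner would want when handling this sample: it verifies a local file against the MD5/SHA1/SHA256 listed above before doing anything with it, and it applies a UPX-packing check of the kind the "UPX packed file" signature describes. The check looks for stock UPX section names and the "UPX!" marker, and falls back to a structural heuristic that survives section renaming in modified UPX builds: an empty first section reserved for the unpacked image followed by a high-entropy packed section. Only the Python standard library is used; the PE images in the block are constructed in-code to exercise the parser and are not the real 3fc6b918... sample.

```python
"""Added example: verify a file against the report's hashes and apply a
UPX-packing heuristic. The PE images built here are constructed test data,
not the analysed sample."""
import hashlib
import math
import struct

# Digests copied from the report's General section.
REPORTED_HASHES = {
    "md5": "5022a2ba409afa3b00df1938c70c234e",
    "sha1": "fa42bf89d6e95a15617a17f6fc609ce485aea5e9",
    "sha256": "3fc6b918e1ced60a2c63b5a1a05f7c0779c397d7a7f66f023133f88642bd6911",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, for an in-memory file."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORTED_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every reported digest matches, so a truncated download or
    a re-packed variant is never mistaken for the analysed sample."""
    return hash_bytes(data) == REPORTED_HASHES


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Minimal PE section-table parser: (name, virtual_size, raw_size, raw_offset)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # COFF header is 24 bytes, then the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vsize, rsize, rptr))
    return sections


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX leaves UPX0/UPX1 section names and a "UPX!" marker in the
    header area. A modified build that renames sections still needs an empty
    first section (raw size 0, non-zero virtual size) to unpack into, followed
    by a section of compressed, high-entropy data; that layout is the fallback."""
    sections = pe_sections(data)
    names = [s[0] for s in sections]
    if "UPX0" in names and "UPX1" in names:
        return True
    if b"UPX!" in data[:0x400]:
        return True
    if len(sections) >= 2:
        first, second = sections[0], sections[1]
        empty_first = first[2] == 0 and first[1] > 0
        payload = data[second[3]:second[3] + second[2]]
        if empty_first and second[2] > 0 and shannon_entropy(payload) > 7.0:
            return True
    return False


def build_pe(sections) -> bytes:
    """Constructed minimal PE (DOS stub, COFF header, section table, raw data).
    Not a loadable image: SizeOfOptionalHeader is 0 to keep the example short."""
    raw_start = 0x40 + 24 + 40 * len(sections)
    hdr = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    body = b""
    for name, vsize, raw in sections:
        rptr = raw_start + len(body) if raw else 0
        hdr += name.ljust(8, "\0").encode() + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, len(raw), rptr, 0, 0, 0, 0, 0x60000020)
        body += raw
    return bytes(hdr) + body


# Constructed test images (labelled as such): uniform bytes stand in for
# compressed data, a run of 0x90 stands in for plain code.
HIGH_ENTROPY = bytes(range(256)) * 8
LOW_ENTROPY = b"\x90" * 2048
UPX_LIKE = build_pe([("UPX0", 0x10000, b""), ("UPX1", 0x800, HIGH_ENTROPY), (".rsrc", 0x200, b"\0" * 512)])
RENAMED_UPX_LIKE = build_pe([(".text", 0x10000, b""), (".data", 0x800, HIGH_ENTROPY)])
PLAIN_PE = build_pe([(".text", 0x800, LOW_ENTROPY), (".data", 0x200, b"\0" * 512)])


def triage(data: bytes) -> dict:
    return {"matches_report": matches_report(data),
            "upx_packed": looks_upx_packed(data),
            "sections": [s[0] for s in pe_sections(data)]}


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else UPX_LIKE
    print(triage(data))
```

Run it as `python3 triage_check.py <file>` against a downloaded copy; `matches_report` should be True before the hashes are trusted as this sample's, and `upx_packed` being True is a cue to unpack (for stock UPX, `upx -d`; for a modified build, dump the process after the stub has run) before looking for the Blackmoon payload. The entropy threshold of 7.0 and the 0x400-byte window for the "UPX!" marker are assumptions chosen for this example, not values from the sandbox.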

MITRE ATT&CK Enterprise v15

Tasks